Re: [exim] Ignoring SSL-Errors on self signed certificates

Author: Paul Warren
Date:  
To: exim-users
Subject: Re: [exim] Ignoring SSL-Errors on self signed certificates
On 14/04/2016 14:49, Patrick von der Hagen wrote:
> letsencrypt.org isn't beta any longer and technically
> letsencrypt.org-certificates should work fine. Having the
> renewal-process opening port 80 for a minute every 90 days should be
> acceptable (unless port 80 is occupied...).


letsencrypt.org also now supports DNS-based validation, which is a good
option if you're not running a webserver.

I've set up several non-HTTP SSL servers using the letsencrypt.sh[1]
client, and it works very nicely (assuming you have an API for adding
DNS records). The client has a cron mode which automatically renews
certs that are less than 30 days from expiry. If anything it's less
hassle than managing self-signed certs.

Paul

[1] https://github.com/lukas2511/letsencrypt.sh
>
> On 14.04.2016 15:41, Jeremy McSpadden wrote:
>> It's not an error. That's a warning message. Buy a legit certificate if you don't want to see that warning.
>>
>> --
>> Jeremy McSpadden | Flux Labs
>> Local - 850-250-5590x501 | Mobile - 850-890-2543
>> Fax - 850-254-2955 | Toll Free - 877-699-FLUX
>> Web - http://www.fluxlabs.net
>>
>>
>> On Apr 14, 2016, at 8:37 AM, Luca Bertoncello <lucabert@???> wrote:
>>
>> Quoting Mike Tubby <mike@???>:
>>
>> Unless I am missing something ... the certificate:
>>
>>     a) is self-signed
>>     b) has expired
>>
>> hence a warning and an error.
>>
>> What happens if you make a new self-signed certificate that is "in date" and try that instead?
>>
>> You're right... the certificate is expired...
>>
>> I created a new certificate, but I always get the error:
>>
>> SSL verify error: depth=0 error=self signed certificate cert=/C=DE/ST=Sachsen/L=Dresden/O=Luca Bertoncello/CN=*.lucabert.de/emailAddress=webmaster@???
>>
>> Any idea?
>>
>> Thanks
>> Luca Bertoncello
>> (lucabert@???)
>>
>
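The thread turns on two properties of the certificate (self-signed, expired) and on the 30-day renewal window mentioned for the cron mode. The following is an added example, not part of the original messages and not code from letsencrypt.sh, that reports all three for a PEM file. It assumes the `openssl` command-line tool is installed; the function name `cert_status` is hypothetical.

```shell
#!/bin/sh
# Added example: classify a PEM certificate by the properties discussed in
# this thread. Usage: sh thisfile.sh /path/to/cert.pem [days]

cert_status() {
    cert=$1
    days=${2:-30}   # renewal window in days; 30 matches the cron mode described

    # Refuse anything openssl cannot parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "unreadable"
        return 0
    fi

    # Name comparison only: issuer == subject is what a self-signed
    # certificate looks like; this does not verify the signature.
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        self=yes
    else
        self=no
    fi

    # -checkend N exits 0 when the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        expired=no
    else
        expired=yes
    fi
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        renew=no
    else
        renew=yes
    fi

    echo "self-signed=$self expired=$expired renew=$renew"
}

# Run directly on a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    cert_status "$@"
fi
```

A freshly generated self-signed certificate reports `self-signed=yes expired=no`, which matches the situation in the thread: replacing the expired certificate clears the expiry problem, but a verifying peer still reports "self signed certificate" unless it has been configured to trust that certificate.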